Computer
Guid
TEXT
LIKE, EQUAL, NOT_EQUAL
A unique identifier that is a combination of GUID of selected Scan and Active Directory ObjectGUID of the object.
FSName
TEXT
LIKE, EQUAL, NOT_EQUAL
A special unique identifier that is a combination of the Name of the object and the Fully Qualified Domain Name of the Domain.
ObjectSid
TEXT
LIKE, EQUAL, NOT_EQUAL
Active Directory security identifier of object. (Ldap Display Name: objectSid)
Name
TEXT
LIKE, EQUAL, NOT_EQUAL
Name of the specified object. (Ldap Display Name: name)
IsDomainController
BOOLEAN
N/A
Indicates whether the machine is a Domain Controller server.
OperatingSystem
TEXT
LIKE, EQUAL, NOT_EQUAL
The name of the operating system that runs on the computer. (Ldap Display Name: operatingSystem)
OperatingSystemVersion
TEXT
LIKE, EQUAL, NOT_EQUAL
The version of the operating system that runs on the computer. (Ldap Display Name: operatingSystemVersion)
IsEnabled
BOOLEAN
N/A
Indicates whether the object is enabled.
DistinguishedName
TEXT
LIKE, EQUAL, NOT_EQUAL
Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName)
session_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates the number of sessions on the computer.
explicit_localadmin_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates the number of explicit local admins on the computer.
IsPrivileged
BOOLEAN
N/A
Indicates that the object is Privileged.
IsSMBv202Active
BOOLEAN
N/A
Indicates whether the SMB Version 2.2 is active.
IsUnsupported
BOOLEAN
N/A
Indicates whether the computer runs an unsupported/obsolote operating system.
IsAdmin
BOOLEAN
N/A
Indicates that the object is Admin.
DNSHostName
TEXT
LIKE, EQUAL, NOT_EQUAL
Fully qualified domain name of computer as registered in DNS. (Ldap Display Name: dNSHostName)
IsSpoolActive
BOOLEAN
N/A
Indicates whether the Spool service is running on the computer.
WhenChanged
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The date when this object was last changed. (Ldap Display Name: whenChanged)
IsProtected
BOOLEAN
N/A
Indicates that the object is a direct or nested member of the Protected Users group.
WhenCreated
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The date when this object was created. (Ldap Display Name: whenCreated)
MsDSSupportedEncryptionTypes
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The encryption algorithms supported by user, computer or trust accounts. The KDC uses this information while generating a service ticket for this account. Services and Computers can automatically update this attribute on their respective accounts in Active Directory, and therefore need write access to this attribute. (LDAP Display Name: msDS-SupportedEncryptionTypes)
IsSMBv2v3SignEnabled
BOOLEAN
N/A
Indicates whether the SMB Version 2 and Version 3 protocol signing is enabled.
HasLaps
BOOLEAN
N/A
Indicates whether the local administrator account on the computer is managed through LAPS(Local Administrator Password Solution).
IPAddress
TEXT
LIKE, EQUAL, NOT_EQUAL
IPV4 Network address of the computer.
risk
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The risk score of the object that calculated based on vulnerability counts and severities.
UserAccountControl
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
AllowedtoDelegateSpn
TEXT
LIKE, EQUAL, NOT_EQUAL
Contains Service Principal Name definitions in the context of Constrained Delegation. (LDAP Display Name: msDS-AllowedToDelegateTo)
SAMAccountName
TEXT
LIKE, EQUAL, NOT_EQUAL
The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName)
DontReqPasswd
BOOLEAN
N/A
Indicates whether the object's password can be blank.
DontReqPreauth
BOOLEAN
N/A
Indicates whether the Kerberos Pre-Authentication mechanism was disabled for the object.
Cn
TEXT
LIKE, EQUAL, NOT_EQUAL
The name that represents an object. Used to perform searches. (Ldap Display Name: cn)
IsSMBv2v3SignRequired
BOOLEAN
N/A
Indicates whether the SMB Version 2 and Version 3 protocol requires signing.
IsLocalEnumFailed
BOOLEAN
N/A
Indicates whether the local enumeration phase of a scan failed on this computer.
HasReversibleEncryption
BOOLEAN
N/A
Indicates whether the object is using reversible encryption instead of hash to keep credentials.
IsSMBv210Active
BOOLEAN
N/A
Indicates whether the SMB Version 2.10 is active.
SidHistory
TEXT
LIKE, EQUAL, NOT_EQUAL
Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory)
IsSMBv1Active
BOOLEAN
N/A
Indicates whether the SMB Version 1 is active.
PwdLastSet
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The date and time that the password for this account was last changed. If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon. (Ldap Display Name: pwdLastSet)
IsUsingDESAlgorithmForHashing
BOOLEAN
N/A
Indicates whether the object is using an insecure DES algorithm in Kerberos protocol.
AdminCount
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount)
LapsExpirationTime
DATE
SMALLER, LARGER, BETWEEN, EQUAL
Stores the password expiration time of LAPS. (Ldap Display Name: ms-Mcs-AdmPwdExpirationTime)
LastLogon
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The last time the user logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: lastLogon)
HasUnconstrainedDelegation
BOOLEAN
N/A
Indicates whether the Unconstrained Delegation is activated on the object.
IsSMBPortOpen
BOOLEAN
N/A
Indicates whether port 445 of the computer is accessible.
LogonCount
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of times the account has successfully logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: logonCount)
IsSMBv311Active
BOOLEAN
N/A
Indicates whether the SMB Version 3.1 is active.
BadPwdCount
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of times the object tried to log on to the account using an incorrect password. (Ldap Display Name: badPwdCount)
HasConstrainedDelegation
BOOLEAN
N/A
Indicates whether the Constrained Delegation is activated on the object.
IsStealth
BOOLEAN
N/A
Indicates that the object can compromise admin objects with at least one attack path.
HasResourceBasedConstrainedDelegation
BOOLEAN
N/A
Indicates whether the Resource Based Constrained Delegation is activated on the object.
IsSMBv300Active
BOOLEAN
N/A
Indicates whether the SMB Version 3 is active.
group_delegated_localadmin_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates that the object has group delegated local admin privilege on how many computers.
PrimaryGroupID
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Contains the relative identifier (RID) for the primary group of the object. (Ldap Display Name: primaryGroupID)
IsSMBv302Active
BOOLEAN
N/A
Indicates whether the SMB Version 3.2 is active.
LastLogonTimestamp
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The time that the user last logged into the domain. This attribute is replicated to other Domain Controllers but not updated until after 14 (msDS-LogonTimeSyncInterval) days. (Ldap Display Name: lastLogonTimestamp)
SAMAccountType
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
IsLocalAdmin
BOOLEAN
N/A
Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer.
HasProtocolTransition
BOOLEAN
N/A
Indicates whether the Constrained Delegation with Protocol transition is activated on the object.
IsSMBv1SignRequired
BOOLEAN
N/A
Indicates whether the SMB Version 1 protocol requires signing.
Last updated
Was this helpful?